The Gramm-Leach-Billey Act (GLBA), also known as the Financial Services Modernization Act of 1999, was signed into law by President Bill Clinton in 1999 and came into effect in 2002. It applies to all financial institutions, which it defines as: “companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance.” These financial institutions are also beholden to jurisdiction by the Federal Trade Commission (FTC). Types of businesses include, but are not limited to:

  • Banks
  • Tax return preparers
  • Non-bank mortgage lenders
  • Real estate appraisers
  • Financial/ investment advisers
  • Debt Collectors
  • Loan brokers
  • Insurance companies

Noncompliance with the GLBA incurs severe civil and criminal penalties. Civil penalties include fines up to $100,000 for each violation, while key officers may be fined up to $10,000 per violation.

gramm-leach-billey act compliance logo

GLBA & The Proper Disposal of Consumer Information

Blancco Data Eraser solutions help address requirements in the GLBA, specifically 16 CFR 682 – DISPOSAL OF CONSUMER REPORT INFORMATION AND RECORDS. This portion of the regulation went into effect on June 1, 2005 and is designed to protect consumer information whether in paper, electronic or other form—or a compilation of such records. It does not include information that doesn’t directly identify individuals.

Article 682.3 – Proper disposal of consumer information – states that “Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.” In this instance, “disposal” refers to the “discarding or abandonment of consumer information” or “The sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.”

The article also states that “Reasonable measures to protect against unauthorized access to or use of consumer information in connection with its disposal include… implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed.”

 

How Blancco Solutions Can Help

Active Erasure Solutions: Blancco active erasure solutions, including Blancco File Eraser, Blancco LUN Eraser and Blancco Virtual Machine Eraser, erase data in your data center without any downtime, completely destroying this data from a memory location so that it cannot be retrieved by any know data recovery/forensic processes. This process satisfies GLBA requirement 682.3 by preventing customer data from being exposed in the event of a breach.

End-of-Life Erasure Solutions: GLBA also address the secure disposal of consumer data from the IT equipment that contains it when it is sold, donated or transferred. Blancco partners with a number of IT asset disposition providers to provide secure, complete erasure before assets are remarketed, donated or physically destroyed. With solutions to address data on drives, mobile phones, computers and removable media devices, companies that dispose of data, both internally and through an external partner, can benefit from the security that complete data erasure brings.

For 20 years, Blancco has offered solutions that support compliance with data protection and privacy regulations such as the GLBA. We support the need for heavily regulated industries to stay compliant with these regulations with data erasure solutions that satisfy (and often exceed) those requirements.

Contact us today for additional information about how we can help you pass your next data security and compliance audit.

[crp limit=”5″ heading=”1″ cache=”0″]